From 12847e4cf961432f445a3945a4636bc12643bde4 Mon Sep 17 00:00:00 2001 
From: zhouhao Date: Wed, 16 Aug 2017 22:44:07 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8E=BBshiro=20=E5=9F=BA=E6=9C=AC=E5=AE=8C?= =?UTF-8?q?=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../exception/UnAuthorizedException.java | 19 +++------- .../hsweb-authorization-basic/pom.xml | 5 +++ .../basic/aop/AopAuthorizingController.java | 5 ++- .../basic/handler/AuthorizingHandler.java | 2 + .../handler/DefaultAuthorizingHandler.java | 21 +++++----- .../access/CustomDataAccessHandler.java | 3 +- .../access/DefaultDataAccessController.java | 7 ++-- .../access/FieldFilterDataAccessHandler.java | 22 ++++++----- .../access/FieldScopeDataAccessHandler.java | 14 +++---- .../access/OwnCreatedDataAccessHandler.java | 34 +++++++---------- .../access/ScriptDataAccessHandler.java | 5 ++- .../shiro/ShiroAutoConfiguration.java | 27 ------------- .../web/AuthorizeForbiddenException.java | 38 ------------------- .../web/example/simple/TestController.java | 4 +- .../RestControllerExceptionTranslator.java | 20 ++++------ .../AuthorizationArgumentResolver.java | 6 +-- .../AuthorizationController.java | 2 +- .../authorization/UserController.java | 8 ++-- .../web/starter/authorization/LoginTests.java | 7 +--- .../controller/OAuth2AuthorizeController.java | 4 +- .../controller/OAuth2UserInfoController.java | 6 +-- .../AbstractScopeDataAccessHandler.java | 33 +++++++++------- .../handler/AreaScopeDataAccessHandler.java | 3 +- .../DepartmentScopeDataAccessHandler.java | 5 ++- .../handler/OrgScopeDataAccessHandler.java | 5 ++- .../handler/PersonScopeDataAccessHandler.java | 3 +- .../PositionScopeDataAccessHandler.java | 5 ++- 27 files changed, 125 insertions(+), 188 deletions(-) rename hsweb-core/src/main/java/org/hswebframework/web/AuthorizeException.java => hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/exception/UnAuthorizedException.java (61%) delete mode 100644 
hsweb-core/src/main/java/org/hswebframework/web/AuthorizeForbiddenException.java diff --git a/hsweb-core/src/main/java/org/hswebframework/web/AuthorizeException.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/exception/UnAuthorizedException.java similarity index 61% rename from hsweb-core/src/main/java/org/hswebframework/web/AuthorizeException.java rename to hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/exception/UnAuthorizedException.java index 3b130e07c..83d4bead3 100644 --- a/hsweb-core/src/main/java/org/hswebframework/web/AuthorizeException.java +++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/exception/UnAuthorizedException.java @@ -16,24 +16,17 @@ * */ -package org.hswebframework.web; +package org.hswebframework.web.authorization.exception; -public class AuthorizeException extends BusinessException { +public class UnAuthorizedException extends RuntimeException { private static final long serialVersionUID = 2422918455013900645L; - public AuthorizeException() { - this("{no_authorization}"); + public UnAuthorizedException() { + this("{un_authorization}"); } - public AuthorizeException(String message) { - this(message, 401); + public UnAuthorizedException(String message) { + super(message); } - public AuthorizeException(String message, int status) { - super(message, status); - } - - public AuthorizeException(String message, Throwable cause, int status) { - super(message, cause, status); - } } diff --git a/hsweb-authorization/hsweb-authorization-basic/pom.xml b/hsweb-authorization/hsweb-authorization-basic/pom.xml index f15ed0bfd..7627d740d 100644 --- a/hsweb-authorization/hsweb-authorization-basic/pom.xml +++ b/hsweb-authorization/hsweb-authorization-basic/pom.xml @@ -50,6 +50,11 @@ 2.5 provided + + org.hswebframework.web + hsweb-commons-entity + ${project.version} + \ No newline at end of file 
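Review bot: `UnAuthorizedException` no longer extends `BusinessException` and no longer carries the 401 status that `AuthorizeException(String)` set, so the response code now depends entirely on whichever handler translates this type, which is not visible in this hunk. Any existing `catch (BusinessException e)` will also stop seeing it. A class Javadoc should state the contract, for example `/** Thrown when the request has no authenticated user; must be translated to HTTP 401. */`. The cause-carrying constructor was dropped as well; `public UnAuthorizedException(String message, Throwable cause) { super(message, cause); }` would keep exception chaining available.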
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java index 1acd91b50..488bbc0e4 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java @@ -3,10 +3,11 @@ package org.hswebframework.web.authorization.basic.aop; import org.aopalliance.intercept.MethodInterceptor; import org.hswebframework.web.AopUtils; import org.hswebframework.web.authorization.Authentication; -import org.hswebframework.web.authorization.basic.handler.AuthorizingContext; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.authorization.basic.handler.AuthorizingHandler; import org.hswebframework.web.authorization.define.AuthorizeDefinition; import org.hswebframework.web.authorization.exception.AuthorizationException; +import org.hswebframework.web.authorization.exception.UnAuthorizedException; import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor; @@ -31,7 +32,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor if (null != definition) { AuthorizingContext context = new AuthorizingContext(); - context.setAuthentication(Authentication.current().orElseThrow(AuthorizationException::new)); + context.setAuthentication(Authentication.current().orElseThrow(UnAuthorizedException::new)); context.setDefinition(definition); context.setParamContext(paramContext); authorizingHandler.handle(context); 
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java index 0b9c5732d..9acae2530 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java @@ -1,5 +1,7 @@ package org.hswebframework.web.authorization.basic.handler; +import org.hswebframework.web.authorization.define.AuthorizingContext; + /** * aop方式权限控制处理器 * @author zhouhao diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java index b761298b8..c04e23cee 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java @@ -10,6 +10,7 @@ import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessController; import org.hswebframework.web.authorization.annotation.Logical; import org.hswebframework.web.authorization.define.AuthorizeDefinition; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.authorization.exception.AuthorizationException; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.slf4j.Logger; 
@@ -47,21 +48,21 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler { handleRdac(context.getAuthentication(), context.getDefinition()); //进行数据权限控制 - handleDataAccess(context.getAuthentication(), context.getDefinition(), context.getParamContext()); + handleDataAccess(context); //表达式权限控制 handleExpression(context.getAuthentication(), context.getDefinition(), context.getParamContext()); } - protected void handleDataAccess(Authentication authentication, AuthorizeDefinition definition, MethodInterceptorParamContext paramContext) { + protected void handleDataAccess(AuthorizingContext context) { if (dataAccessController == null) { logger.warn("dataAccessController is null,skip data access control!"); return; } - List permission = authentication.getPermissions() + List permission = context.getAuthentication().getPermissions() .stream() - .filter(per -> definition.getPermissions().contains(per.getId())) + .filter(per -> context.getDefinition().getPermissions().contains(per.getId())) .collect(Collectors.toList()); DataAccessController finalAccessController = dataAccessController; 
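Review bot: `handleDataAccess` fails open when `dataAccessController` is null: it logs a warning and returns, so every data-level rule attached to the permission is skipped. The same commit removes the `DefaultDataAccessController` bean and the `BeanPostProcessor` that registered handlers from `ShiroAutoConfiguration`, so unless another configuration (not visible here) supplies the controller, this skip path may become the normal one. Consider moving the null check after the `accesses` set is computed and throwing `new AuthorizationException(context.getDefinition().getMessage())` when rules exist but no controller is wired, or failing at startup instead. The method body continues past the end of this hunk.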
@@ -70,18 +71,16 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler { Set accesses = permission .stream().map(Permission::getDataAccesses) .flatMap(Collection::stream) - .filter(access -> definition.getActions().contains(access.getAction())) + .filter(access -> context.getDefinition().getActions().contains(access.getAction())) .collect(Collectors.toSet()); //无规则,则代表不进行控制 if (accesses.isEmpty()) return; //单个规则验证函数 - Function, Boolean> function = - definition.getLogical() == Logical.AND ? - accesses.stream()::allMatch : accesses.stream()::anyMatch; + Function, Boolean> function = accesses.stream()::allMatch; //调用控制器进行验证 - boolean isAccess = function.apply(access -> finalAccessController.doAccess(access, paramContext)); + boolean isAccess = function.apply(access -> finalAccessController.doAccess(access, context)); if (!isAccess) { - throw new AuthorizationException(definition.getMessage()); + throw new AuthorizationException(context.getDefinition().getMessage()); } } @@ -113,8 +112,10 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler { protected void handleRdac(Authentication authentication, AuthorizeDefinition definition) { boolean access = true; + //多个设置时的判断逻辑 Logical logical = definition.getLogical() == Logical.DEFAULT ? Logical.OR : definition.getLogical(); boolean logicalIsOr = logical == Logical.OR; + Set permissionsDef = definition.getPermissions(); Set actionsDef = definition.getActions(); Set rolesDef = definition.getRoles(); diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java index 360bc6e6e..9bbb698e5 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java 
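Review bot: In the first hunk on this line, `definition.getLogical()` is no longer consulted for data access: `function` is now always `accesses.stream()::allMatch`, so a definition declared with `Logical.OR` is silently evaluated as AND here while `handleRdac` in the next hunk still honours it. That is the stricter direction, but it is an undocumented behaviour change; either restore the choice or add a comment such as `// data-access rules are always AND-ed; Logical applies to the RBAC check only`. Separately, `if (accesses.isEmpty()) return;` lets a request through whenever no data-access config matches the declared actions, so a mistyped action name disables the control without any trace; a debug log on that path would make it detectable.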
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java @@ -21,6 +21,7 @@ package org.hswebframework.web.authorization.basic.handler.access; import org.hswebframework.web.authorization.access.CustomDataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; /** @@ -37,7 +38,7 @@ public class CustomDataAccessHandler implements DataAccessHandler { } @Override - public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) { + public boolean handle(DataAccessConfig access, AuthorizingContext context) { CustomDataAccessConfig custom = ((CustomDataAccessConfig) access); return custom.getController().doAccess(access, context); } diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java index 7f8859093..c2f171ea9 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java 
@@ -3,6 +3,7 @@ package org.hswebframework.web.authorization.basic.handler.access; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessController; import org.hswebframework.web.authorization.access.DataAccessHandler; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import java.util.LinkedList; @@ -36,12 +37,12 @@ public final class DefaultDataAccessController implements DataAccessController { } @Override - public boolean doAccess(DataAccessConfig access, MethodInterceptorParamContext params) { - if (parent != null) parent.doAccess(access, params); + public boolean doAccess(DataAccessConfig access, AuthorizingContext context) { + if (parent != null) parent.doAccess(access, context); return handlers.stream() // TODO: 17-3-28 可以换成access对应的handler以提高效率 .filter(handler -> handler.isSupport(access)) - .allMatch(handler -> handler.handle(access, params)); + .allMatch(handler -> handler.handle(access, context)); } public DefaultDataAccessController addHandler(DataAccessHandler handler) { diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java index 741342395..452edeb36 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java 
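Review bot: In `doAccess`, the result of `parent.doAccess(access, context)` is discarded, so a parent controller that returns false cannot deny the request. Unless the parent is called only for side effects, the line should be `if (parent != null && !parent.doAccess(access, context)) return false;`. In addition, `allMatch` over an empty stream is true, so a `DataAccessConfig` that no registered handler supports is granted rather than rejected. Consider collecting the supporting handlers first and returning false, or at least logging a warning, when there are none.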
@@ -5,6 +5,7 @@ import org.hswebframework.web.authorization.Permission; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.FieldFilterDataAccessConfig; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.commons.entity.Entity; import org.hswebframework.web.commons.entity.param.QueryParamEntity; @@ -12,6 +13,8 @@ import org.hswebframework.web.commons.model.Model; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.Map; + /** * 数据权限字段过滤处理,目前仅支持deny. {@link DataAccessConfig.DefaultType#DENY_FIELDS} * @@ -22,11 +25,11 @@ public class FieldFilterDataAccessHandler implements DataAccessHandler { @Override public boolean isSupport(DataAccessConfig access) { - return access instanceof FieldFilterDataAccessConfig && DataAccessConfig.DefaultType.DENY_FIELDS.equals(access.getType()); + return access instanceof FieldFilterDataAccessConfig; } @Override - public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) { + public boolean handle(DataAccessConfig access, AuthorizingContext context) { FieldFilterDataAccessConfig filterDataAccessConfig = ((FieldFilterDataAccessConfig) access); switch (access.getAction()) { 
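Review bot: `isSupport` now accepts every `FieldFilterDataAccessConfig` without checking `access.getType()`, while the class comment in the same hunk still says only `DENY_FIELDS` is supported. If a config of this class can carry another type (not visible here), `handle` would apply deny-field semantics to it. Either keep the guard, `return access instanceof FieldFilterDataAccessConfig && DataAccessConfig.DefaultType.DENY_FIELDS.equals(access.getType());`, or update the Javadoc to say the type is ignored. The body of `handle` continues outside the hunk.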
@@ -48,10 +51,11 @@ public class FieldFilterDataAccessHandler implements DataAccessHandler { * @see BeanUtilsBean * @see org.apache.commons.beanutils.PropertyUtilsBean */ - protected boolean doUpdateAccess(FieldFilterDataAccessConfig accesses, MethodInterceptorParamContext params) { - Object supportParam = params.getParams().values().stream() - .filter(param -> (param instanceof Entity) | (param instanceof Model)) - .findAny().orElse(null); + protected boolean doUpdateAccess(FieldFilterDataAccessConfig accesses, AuthorizingContext params) { + Object supportParam = params.getParamContext().getParams().values().stream() + .filter(param -> (param instanceof Entity) || (param instanceof Model)||(param instanceof Map)) + .findAny() + .orElse(null); if (null != supportParam) { for (String field : accesses.getFields()) { try { @@ -64,14 +68,14 @@ public class FieldFilterDataAccessHandler implements DataAccessHandler { } } } else { - logger.warn("doUpdateAccess skip ,because can not found any entity in param!"); + logger.warn("doUpdateAccess skip ,because can not found any support entity in param!"); } return true; } - protected boolean doQueryAccess(FieldFilterDataAccessConfig access, MethodInterceptorParamContext context) { - QueryParamEntity entity = context.getParams() + protected boolean doQueryAccess(FieldFilterDataAccessConfig access, AuthorizingContext context) { + QueryParamEntity entity = context.getParamContext().getParams() .values().stream() .filter(QueryParamEntity.class::isInstance) .map(QueryParamEntity.class::cast) diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java index 9cd7ec3f9..d288d1014 100644 
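Review bot: `doUpdateAccess` filters only one argument: `findAny()` selects a single `Entity`, `Model` or `Map`, so now that `Map` is accepted, a method taking several such parameters has the denied fields cleared on just one of them. Iterating over all matching parameters would close that gap. The `else` branch logs and the method still returns true, so an update with no supported parameter proceeds unfiltered; if that is intended, a comment such as `// no filterable parameter: nothing to strip, access is still granted` should say so. The field-clearing loop lies partly outside the hunk, so whether it behaves correctly for a `Map` could not be checked here.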
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java @@ -9,6 +9,7 @@ import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.FieldScopeDataAccessConfig; import org.hswebframework.web.authorization.annotation.RequiresDataAccess; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.commons.entity.param.QueryParamEntity; import org.hswebframework.web.controller.QueryController; @@ -33,9 +34,9 @@ public class FieldScopeDataAccessHandler implements DataAccessHandler { } @Override - public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) { + public boolean handle(DataAccessConfig access, AuthorizingContext context) { FieldScopeDataAccessConfig own = ((FieldScopeDataAccessConfig) access); - Object controller = context.getTarget(); + Object controller = context.getParamContext().getTarget(); if (controller != null) { switch (access.getAction()) { case Permission.ACTION_QUERY: 
@@ -55,10 +56,9 @@ public class FieldScopeDataAccessHandler implements DataAccessHandler { } @SuppressWarnings("unchecked") - protected boolean doRWAccess(FieldScopeDataAccessConfig access, MethodInterceptorParamContext context, Object controller) { + protected boolean doRWAccess(FieldScopeDataAccessConfig access, AuthorizingContext context, Object controller) { //获取注解 - RequiresDataAccess dataAccess = context.getAnnotation(RequiresDataAccess.class); - Object id = context.getParameter(dataAccess.idParamName()).orElse(null); + Object id = context.getParamContext().getParameter(context.getDefinition().getDataAccessDefinition().getIdParameterName()).orElse(null); //通过QueryController获取QueryService //然后调用selectByPk 查询旧的数据,进行对比 if (controller instanceof QueryController) { @@ -80,8 +80,8 @@ public class FieldScopeDataAccessHandler implements DataAccessHandler { } - protected boolean doQueryAccess(FieldScopeDataAccessConfig access, MethodInterceptorParamContext context) { - QueryParamEntity entity = context.getParams() + protected boolean doQueryAccess(FieldScopeDataAccessConfig access, AuthorizingContext context) { + QueryParamEntity entity = context.getParamContext().getParams() .values().stream() .filter(QueryParamEntity.class::isInstance) .map(QueryParamEntity.class::cast) diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java index adced1686..3a6707b61 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java 
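Review bot: `doRWAccess` dereferences `context.getDefinition().getDataAccessDefinition().getIdParameterName()` with no null check, so a definition without a data-access section would surface as a NullPointerException in the authorization path instead of a clear deny; whether it can be null is not visible here. The same chain is added in `OwnCreatedDataAccessHandler.doRWAccess`. `id` also falls back to null through `orElse(null)`, and the code that consumes it is outside this hunk, so it should be confirmed that a missing id parameter leads to a denial rather than a skipped comparison. The `//获取注解` comment above the line is now stale, since the annotation is no longer read.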
@@ -2,14 +2,11 @@ package org.hswebframework.web.authorization.basic.handler.access; import org.hsweb.ezorm.core.param.Term; import org.hswebframework.utils.ClassUtils; -import org.hswebframework.web.AuthorizeException; -import org.hswebframework.web.authorization.Authentication; import org.hswebframework.web.authorization.Permission; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.OwnCreatedDataAccessConfig; -import org.hswebframework.web.authorization.annotation.RequiresDataAccess; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.commons.entity.Entity; import org.hswebframework.web.commons.entity.RecordCreationEntity; import org.hswebframework.web.commons.entity.param.QueryParamEntity; @@ -35,9 +32,9 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { } @Override - public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) { + public boolean handle(DataAccessConfig access, AuthorizingContext context) { OwnCreatedDataAccessConfig own = ((OwnCreatedDataAccessConfig) access); - Object controller = context.getTarget(); + Object controller = context.getParamContext().getTarget(); if (controller != null) { switch (access.getAction()) { case Permission.ACTION_QUERY: @@ -45,7 +42,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { case Permission.ACTION_GET: case Permission.ACTION_DELETE: case Permission.ACTION_UPDATE: - return doRWAccess(own, context, controller); + return doRWAccess(own, context,controller); case Permission.ACTION_ADD: //put creator_id to data return putCreatorId(own, context); 
@@ -58,16 +55,14 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { return true; } - public boolean putCreatorId(OwnCreatedDataAccessConfig access, MethodInterceptorParamContext context) { - RecordCreationEntity entity = context.getParams() + public boolean putCreatorId(OwnCreatedDataAccessConfig access, AuthorizingContext context) { + RecordCreationEntity entity = context.getParamContext().getParams() .values().stream() .filter(RecordCreationEntity.class::isInstance) .map(RecordCreationEntity.class::cast) .findAny().orElse(null); if (entity != null) { - entity.setCreatorId(Authentication.current() - .orElseThrow(AuthorizeException::new) - .getUser().getId()); + entity.setCreatorId(context.getAuthentication().getUser().getId()); } else { logger.warn("try put creatorId property,but not found any RecordCreationEntity!"); } @@ -75,10 +70,9 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { } @SuppressWarnings("unchecked") - protected boolean doRWAccess(OwnCreatedDataAccessConfig access, MethodInterceptorParamContext context, Object controller) { + protected boolean doRWAccess(OwnCreatedDataAccessConfig access, AuthorizingContext context, Object controller) { //获取注解 - RequiresDataAccess dataAccess = context.getAnnotation(RequiresDataAccess.class); - Object id = context.getParameter(dataAccess.idParamName()).orElse(null); + Object id = context.getParamContext().getParameter(context.getDefinition().getDataAccessDefinition().getIdParameterName()).orElse(null); //通过QueryController获取QueryService //然后调用selectByPk 查询旧的数据,进行对比 if (controller instanceof QueryController) { 
@@ -88,7 +82,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { QueryService queryService = ((QueryController) controller).getService(); RecordCreationEntity oldData = queryService.selectByPk(id); - if (oldData != null && !Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId().equals(oldData.getCreatorId())) { + if (oldData != null &&context.getAuthentication().getUser().getId().equals(oldData.getCreatorId())) { return false; } } @@ -96,8 +90,8 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { return true; } - protected boolean doQueryAccess(OwnCreatedDataAccessConfig access, MethodInterceptorParamContext context) { - Entity entity = context.getParams() + protected boolean doQueryAccess(OwnCreatedDataAccessConfig access, AuthorizingContext context) { + Entity entity = context.getParamContext().getParams() .values().stream() .filter(Entity.class::isInstance) .map(Entity.class::cast) @@ -116,11 +110,11 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { queryParamEntity.setTerms(new ArrayList<>()); //添加一个查询条件 queryParamEntity - .where(RecordCreationEntity.creatorId, Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId()) + .where(RecordCreationEntity.creatorId,context.getAuthentication().getUser().getId()) //客户端提交的参数 作为嵌套参数 .nest().setTerms(oldParam); } else if (entity instanceof RecordCreationEntity) { - ((RecordCreationEntity) entity).setCreatorId(Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId()); + ((RecordCreationEntity) entity).setCreatorId(context.getAuthentication().getUser().getId()); } else { logger.warn("try validate query access,but entity not support, QueryParamEntity and RecordCreationEntity support now!"); } 
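Review bot: The ownership check in `doRWAccess` (first hunk on this line) is inverted: the previous condition negated the `equals` call, and the new line drops the `!`, so it returns false when the current user is the creator and lets every other user through. It should read `if (oldData != null && !context.getAuthentication().getUser().getId().equals(oldData.getCreatorId())) {`. A test that reads and updates a record once as its creator and once as a different user would pin the intended behaviour. The method starts before this hunk, so the surrounding guards were not reviewed.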
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java index 39dc9169c..858d9e198 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java @@ -8,6 +8,7 @@ import org.hswebframework.web.BusinessException; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.ScriptDataAccessConfig; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; /** @@ -22,7 +23,7 @@ public class ScriptDataAccessHandler implements DataAccessHandler { } @Override - public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) { + public boolean handle(DataAccessConfig access, AuthorizingContext context) { ScriptDataAccessConfig dataAccess = ((ScriptDataAccessConfig) access); DynamicScriptEngine engine = DynamicScriptEngineFactory.getEngine(dataAccess.getScriptLanguage()); if (engine == null) throw new UnsupportedOperationException(dataAccess.getScriptLanguage() + " {not_support}"); 
@@ -31,7 +32,7 @@ public class ScriptDataAccessHandler implements DataAccessHandler { if (!engine.compiled(scriptId)) { engine.compile(scriptId, dataAccess.getScript()); } - Object success = engine.execute(scriptId, context.getParams()).getIfSuccess(); + Object success = engine.execute(scriptId, context.getParamContext().getParams()).getIfSuccess(); return StringUtils.isTrue(success); } catch (Exception e) { throw new BusinessException("{script_error}", e); diff --git a/hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java b/hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java index a3e0ea264..5f86744dd 100644 --- a/hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java +++ b/hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java @@ -34,9 +34,7 @@ import org.hswebframework.web.authorization.AuthenticationHolder; import org.hswebframework.web.authorization.AuthenticationManager; import org.hswebframework.web.authorization.AuthenticationSupplier; import org.hswebframework.web.authorization.access.DataAccessController; -import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.shiro.boost.BoostAuthorizationAttributeSourceAdvisor; -import org.hswebframework.web.authorization.shiro.boost.DefaultDataAccessController; import org.hswebframework.web.authorization.shiro.cache.SpringCacheManagerWrapper; import org.hswebframework.web.authorization.shiro.remember.SimpleRememberMeManager; import org.hswebframework.web.controller.message.ResponseMessage; 
@@ -145,31 +143,6 @@ public class ShiroAutoConfiguration { return securityManager; } - @Bean - @ConditionalOnMissingBean - public DefaultDataAccessController defaultDataAccessController() { - return new DefaultDataAccessController(); - } - - @Bean - @ConditionalOnBean(DefaultDataAccessController.class) - public BeanPostProcessor dataAccessControllerProcessor(DefaultDataAccessController defaultDataAccessController) { - return new BeanPostProcessor() { - @Override - public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { - return bean; - } - - @Override - public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException { - if (bean instanceof DataAccessHandler) { - defaultDataAccessController.addHandler(((DataAccessHandler) bean)); - } - return bean; - } - }; - } - @Bean public BoostAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager, diff --git a/hsweb-core/src/main/java/org/hswebframework/web/AuthorizeForbiddenException.java b/hsweb-core/src/main/java/org/hswebframework/web/AuthorizeForbiddenException.java deleted file mode 100644 index 0312bb901..000000000 --- a/hsweb-core/src/main/java/org/hswebframework/web/AuthorizeForbiddenException.java +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * - * * Copyright 2016 http://www.hswebframework.org - * * - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * - */ - -package org.hswebframework.web; - -/** - * Created by 浩 on 2015-12-23 0023. - */ -public class AuthorizeForbiddenException extends BusinessException { - private static final long serialVersionUID = 2422918455013900645L; - - public AuthorizeForbiddenException(String message) { - this(message, 403); - } - - public AuthorizeForbiddenException(String message, int status) { - super(message, status); - } - - public AuthorizeForbiddenException(String message, Throwable cause, int status) { - super(message, cause, status); - } -} diff --git a/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/TestController.java b/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/TestController.java index 0a66cbf95..15e322d69 100644 --- a/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/TestController.java +++ b/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/TestController.java 
@@ -1,11 +1,11 @@ package org.hswebframework.web.example.simple; import io.swagger.annotations.ApiOperation; -import org.hswebframework.web.AuthorizeException; import org.hswebframework.web.authorization.Authentication; import org.hswebframework.web.authorization.Permission; import org.hswebframework.web.authorization.annotation.Authorize; import org.hswebframework.web.authorization.annotation.RequiresDataAccess; +import org.hswebframework.web.authorization.exception.UnAuthorizedException; import org.hswebframework.web.commons.entity.Entity; import org.hswebframework.web.commons.entity.PagerResult; import org.hswebframework.web.commons.entity.param.QueryParamEntity; @@ -94,7 +94,7 @@ public class TestController implements QueryController updateLoginUserPassword(@RequestParam String password, @RequestParam String oldPassword) { - Authentication authentication = Authentication.current().orElseThrow(AuthorizeException::new); + Authentication authentication = Authentication.current().orElseThrow(UnAuthorizedException::new); getService().updatePassword(authentication.getUser().getId(), oldPassword, password); return ok(); } diff --git a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/LoginTests.java b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/LoginTests.java index 85f6bb9f4..b408b0426 100644 --- a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/LoginTests.java +++ b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/LoginTests.java 
@@ -18,16 +18,12 @@ package org.hswebframework.web.starter.authorization; import com.alibaba.fastjson.JSONObject; -import org.apache.commons.codec.binary.Base64; -import org.hswebframework.expands.security.Encrypt; -import org.hswebframework.expands.security.rsa.RSAPublicEncrypt; import org.hswebframework.web.entity.authorization.UserEntity; import org.hswebframework.web.service.authorization.UserService; import org.hswebframework.web.tests.SimpleWebApplicationTests; import org.junit.After; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.util.Assert; import java.sql.SQLException; @@ -61,6 +57,7 @@ public class LoginTests extends SimpleWebApplicationTests { builder.param("password", "password_1234"); }).exec().resultAsJson(); - org.junit.Assert.assertEquals(json.get("result"), userEntity.getId()); + org.junit.Assert.assertEquals(userEntity.getId(), json.getJSONObject("result").getString("userId")); + } } diff --git a/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizeController.java b/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizeController.java index 577e98d6f..5625c5b87 100644 --- a/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizeController.java +++ b/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2AuthorizeController.java 
@@ -20,9 +20,9 @@ package org.hswebframework.web.authorization.oauth2.controller; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; -import org.hswebframework.web.AuthorizeException; import org.hswebframework.web.authorization.Authentication; import org.hswebframework.web.authorization.annotation.Authorize; +import org.hswebframework.web.authorization.exception.UnAuthorizedException; import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken; import org.hswebframework.web.authorization.oauth2.server.support.OAuth2Granter; import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCodeRequest; @@ -62,7 +62,7 @@ public class OAuth2AuthorizeController { @RequestParam("redirect_uri") String redirectUri, @RequestParam(value = "state", required = false) String state, HttpServletRequest request) { - Authentication authentication = Authentication.current().orElseThrow(AuthorizeException::new); + Authentication authentication = Authentication.current().orElseThrow(UnAuthorizedException::new); AuthorizationCodeRequest codeRequest = new HttpAuthorizationCodeRequest(authentication.getUser().getId(), request); diff --git a/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2UserInfoController.java b/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2UserInfoController.java index 4d8bb889c..d837138a9 100644 --- a/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2UserInfoController.java +++ b/hsweb-system/hsweb-system-oauth2-server/hsweb-system-oauth2-server-controller/src/main/java/org/hswebframework/web/authorization/oauth2/controller/OAuth2UserInfoController.java 
@@ -20,9 +20,9 @@ package org.hswebframework.web.authorization.oauth2.controller; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; -import org.hswebframework.web.AuthorizeException; import org.hswebframework.web.authorization.Authentication; import org.hswebframework.web.authorization.AuthenticationHolder; +import org.hswebframework.web.authorization.exception.UnAuthorizedException; import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken; import org.hswebframework.web.authorization.oauth2.server.token.AccessTokenService; import org.springframework.web.bind.annotation.*; @@ -48,7 +48,7 @@ public class OAuth2UserInfoController { public Authentication getLoginUser(@RequestParam("access_token") String access_token) { OAuth2AccessToken auth2AccessEntity = accessTokenService.getTokenByAccessToken(access_token); if (null == auth2AccessEntity) { - throw new AuthorizeException(); + throw new UnAuthorizedException(); } return AuthenticationHolder.get(auth2AccessEntity.getOwnerId()); } @@ -60,7 +60,7 @@ public class OAuth2UserInfoController { @RequestParam("access_token") String access_token) { OAuth2AccessToken auth2AccessEntity = accessTokenService.getTokenByAccessToken(access_token); if (null == auth2AccessEntity) { - throw new AuthorizeException(); + throw new UnAuthorizedException(); } return AuthenticationHolder.get(userId); } diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java index 9b0f5844c..828786d74 100644 
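Review bot: In the `@@ -60,7 +60,7 @@` hunk the handler still returns `AuthenticationHolder.get(userId)` after checking only that the access token resolves to some entity, so any valid token appears able to read any user's `Authentication`. Renaming the exception does not change that; unless a cross-user grant is intended, the token owner should be compared with the requested id before the lookup, e.g. `if (!userId.equals(auth2AccessEntity.getOwnerId())) { throw new UnAuthorizedException(); }`. The method signature and its annotations start outside the hunk, so a guard placed there would not be visible here. Both handlers also take `access_token` as a request parameter, which tends to end up in access logs and browser history; reading it from the `Authorization` header would avoid that.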
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java @@ -7,6 +7,7 @@ import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.ScopeDataAccessConfig; import org.hswebframework.web.authorization.annotation.RequiresDataAccess; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.commons.entity.Entity; @@ -43,7 +44,7 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan protected abstract void applyScopeProperty(E entity, String value); - protected abstract Term createQueryTerm(Set scope); + protected abstract Term createQueryTerm(Set scope,AuthorizingContext context); protected abstract Set getTryOperationScope(String scopeType, PersonnelAuthorization authorization); @@ -53,7 +54,7 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan } @Override - public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) { + public boolean handle(DataAccessConfig access, AuthorizingContext context) { ScopeDataAccessConfig accessConfig = ((ScopeDataAccessConfig) access); switch (accessConfig.getAction()) { case Permission.ACTION_QUERY: 
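Review bot: The new `context` parameter on the abstract `createQueryTerm` is undocumented, and the subclass hunks later in this patch show that only some implementations read it (to pick the filter column through `genericTypeInstanceOf`) while others ignore it. A short Javadoc on the abstract method should say what the returned `Term` must restrict and what an implementation may read from `context`, because this term is what limits a query to the caller's scope. The declaration is also missing the space after the comma: `createQueryTerm(Set scope, AuthorizingContext context)`. The imports of `MethodInterceptorHolder` and `MethodInterceptorParamContext` stay as context lines and look unused once the signatures switch to `AuthorizingContext`; remove them if nothing else in the file references them.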
@@ -73,7 +74,7 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan .orElseThrow(UnsupportedOperationException::new); // TODO: 17-5-23 其他异常? } - protected boolean handleAdd(ScopeDataAccessConfig access, MethodInterceptorParamContext context) { + protected boolean handleAdd(ScopeDataAccessConfig access, AuthorizingContext context) { PersonnelAuthorization authorization = getPersonnelAuthorization(); Set scopes = authorization.getRootOrgId(); String scope = null; @@ -86,7 +87,7 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan } if (scope != null) { String finalScopeId = scope; - context.getParams().values().stream() + context.getParamContext().getParams().values().stream() .filter(getEntityClass()::isInstance) .map(getEntityClass()::cast) .forEach(entity -> applyScopeProperty(entity, finalScopeId)); @@ -96,11 +97,16 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan return defaultSuccessOnError; } - protected boolean handleRW(ScopeDataAccessConfig access, MethodInterceptorParamContext context) { + protected boolean handleRW(ScopeDataAccessConfig access, AuthorizingContext context) { //获取注解 - RequiresDataAccess dataAccess = context.getAnnotation(RequiresDataAccess.class); - Object id = context.getParameter(dataAccess.idParamName()).orElse(null); - Object controller = context.getTarget(); + Object id = context.getParamContext() + .getParameter( + context.getDefinition() + .getDataAccessDefinition() + .getIdParameterName()) + .orElse(null); + + Object controller = context.getParamContext().getTarget(); Set ids = getTryOperationScope(access); String errorMsg; //通过QueryController获取QueryService 
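Review bot: In `handleRW` the id parameter name is now read through `context.getDefinition().getDataAccessDefinition().getIdParameterName()` with no null check on the intermediate objects, and a parameter that is not found collapses to `id == null` via `.orElse(null)`. In an access-control handler both cases should end in an explicit decision rather than a `NullPointerException` or a lookup with a null key. How `id` is used afterwards is outside the hunk, so confirm that the null case is denied there. The leftover comment `//获取注解` no longer matches the code, since the annotation is not read any more; `// resolve the id parameter name from the authorization definition` would be accurate.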
@@ -133,8 +139,8 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan return getTryOperationScope(access.getScopeType(), getPersonnelAuthorization()); } - protected boolean handleQuery(ScopeDataAccessConfig access, MethodInterceptorParamContext context) { - Entity entity = context.getParams() + protected boolean handleQuery(ScopeDataAccessConfig access, AuthorizingContext context) { + Entity entity = context.getParamContext().getParams() .values().stream() .filter(Entity.class::isInstance) .map(Entity.class::cast) @@ -160,7 +166,7 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan queryParamEntity.setTerms(new ArrayList<>()); //添加一个查询条件 queryParamEntity - .addTerm(createQueryTerm(scope)) + .addTerm(createQueryTerm(scope,context)) //客户端提交的参数 作为嵌套参数 .nest().setTerms(oldParam); } else { @@ -169,9 +175,8 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan return true; } - protected boolean genericTypeInstanceOf(Class type) { - MethodInterceptorHolder holder = MethodInterceptorHolder.current(); - Class entity = ClassUtils.getGenericType(holder.getTarget().getClass()); + protected boolean genericTypeInstanceOf(Class type, AuthorizingContext context) { + Class entity = ClassUtils.getGenericType(context.getParamContext().getTarget().getClass()); return null != entity && ClassUtils.instanceOf(entity, type); } } diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AreaScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AreaScopeDataAccessHandler.java index 43b6642cf..3643a1574 100644 
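Review bot: `genericTypeInstanceOf` now derives the entity type from `context.getParamContext().getTarget().getClass()`, and the Department, Org and Position handlers later in this patch use its result to choose which column the scope filter goes on. If `getTarget()` can return a proxied controller, the generic type may not resolve and the method would quietly return false, which selects the attach-entity column instead; whether that can happen depends on how the param context is populated, which is not visible here. A Javadoc line stating that the target must be the unproxied controller, or unwrapping the user class before `ClassUtils.getGenericType`, would make the assumption explicit. `Class type,` in the new signature also carries a stray double space.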
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AreaScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AreaScopeDataAccessHandler.java @@ -2,6 +2,7 @@ package org.hswebframework.web.organizational.authorization.simple.handler; import org.hsweb.ezorm.core.param.Term; import org.hsweb.ezorm.core.param.TermType; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.entity.organizational.authorization.DistrictAttachEntity; import org.hswebframework.web.organizational.authorization.PersonnelAuthorization; @@ -49,7 +50,7 @@ public class AreaScopeDataAccessHandler extends AbstractScopeDataAccessHandler scope) { + protected Term createQueryTerm(Set scope, AuthorizingContext context) { Term term = new Term(); term.setColumn(DistrictAttachEntity.districtId); term.setTermType(TermType.in); diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/DepartmentScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/DepartmentScopeDataAccessHandler.java index 6a14c8b57..1ef05e47d 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/DepartmentScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/DepartmentScopeDataAccessHandler.java 
@@ -2,6 +2,7 @@ package org.hswebframework.web.organizational.authorization.simple.handler; import org.hsweb.ezorm.core.param.Term; import org.hsweb.ezorm.core.param.TermType; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.entity.organizational.DepartmentEntity; import org.hswebframework.web.entity.organizational.OrganizationalEntity; import org.hswebframework.web.entity.organizational.authorization.DepartmentAttachEntity; @@ -54,9 +55,9 @@ public class DepartmentScopeDataAccessHandler extends AbstractScopeDataAccessHan } @Override - protected Term createQueryTerm(Set scope) { + protected Term createQueryTerm(Set scope, AuthorizingContext context) { Term term = new Term(); - if (genericTypeInstanceOf(DepartmentEntity.class)) { + if (genericTypeInstanceOf(DepartmentEntity.class,context)) { term.setColumn(DepartmentEntity.id); } else { term.setColumn(DepartmentAttachEntity.departmentId); diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java index 5e36da7d6..4da3af9de 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java 
@@ -3,6 +3,7 @@ package org.hswebframework.web.organizational.authorization.simple.handler; import org.hsweb.ezorm.core.param.Term; import org.hsweb.ezorm.core.param.TermType; import org.hswebframework.utils.ClassUtils; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder; import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.entity.organizational.OrganizationalEntity; @@ -56,9 +57,9 @@ public class OrgScopeDataAccessHandler extends AbstractScopeDataAccessHandler scope) { + protected Term createQueryTerm(Set scope, AuthorizingContext context) { Term term = new Term(); - if (genericTypeInstanceOf(OrganizationalEntity.class)) { + if (genericTypeInstanceOf(OrganizationalEntity.class,context)) { term.setColumn(OrganizationalEntity.id); } else { term.setColumn(OrgAttachEntity.orgId); diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PersonScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PersonScopeDataAccessHandler.java index d5a2e6726..4d2ef3967 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PersonScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PersonScopeDataAccessHandler.java 
@@ -2,6 +2,7 @@ package org.hswebframework.web.organizational.authorization.simple.handler; import org.hsweb.ezorm.core.param.Term; import org.hsweb.ezorm.core.param.TermType; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.entity.organizational.authorization.PersonAttachEntity; import org.hswebframework.web.organizational.authorization.PersonnelAuthorization; import org.hswebframework.web.organizational.authorization.access.DataAccessType; @@ -51,7 +52,7 @@ public class PersonScopeDataAccessHandler extends AbstractScopeDataAccessHandler } @Override - protected Term createQueryTerm(Set scope) { + protected Term createQueryTerm(Set scope, AuthorizingContext context) { Term term = new Term(); term.setColumn(PersonAttachEntity.personId); term.setTermType(TermType.in); diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PositionScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PositionScopeDataAccessHandler.java index 9be6a9ed9..18d363c32 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PositionScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PositionScopeDataAccessHandler.java 
@@ -2,6 +2,7 @@ package org.hswebframework.web.organizational.authorization.simple.handler; import org.hsweb.ezorm.core.param.Term; import org.hsweb.ezorm.core.param.TermType; +import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.entity.organizational.PositionEntity; import org.hswebframework.web.entity.organizational.authorization.PositionAttachEntity; import org.hswebframework.web.organizational.authorization.PersonnelAuthorization; @@ -52,9 +53,9 @@ public class PositionScopeDataAccessHandler extends AbstractScopeDataAccessHandl } @Override - protected Term createQueryTerm(Set scope) { + protected Term createQueryTerm(Set scope, AuthorizingContext context) { Term term = new Term(); - if (genericTypeInstanceOf(PositionEntity.class)) { + if (genericTypeInstanceOf(PositionEntity.class,context)) { term.setColumn(PositionEntity.id); } else { term.setColumn(PositionAttachEntity.positionId);